CVE-2026-12057
8.6 HIGHWhen the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfac...
Published: 2026-06-15 · Last updated: 2026-06-15
Severity and scoring
- CVSS
- 8.6 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- CWE
- CWE-829
Description
When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-48124 — Cursor is a code editor built for programming with AI
- CVE-2026-53810 — OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading towar... (8.8 HIGH)
- CVE-2026-52858 — Vim is an open source, command line text editor (7.8 HIGH)
- CVE-2026-47174 — In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes
- CVE-2026-47172 — Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support